← Home

@mintlify/http-client

npm Repository Homepage

The Mintlify http client package

3
Versions
Elastic-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

dks333hanminthahnbeeshouchem-mintlifykathrynmintlifykylefinkenian-mintlifydenssumesh

Keywords

mintlifymintclienthttp

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Mintlify transitioned publishing to GitHub Actions CI/CD automation — a standard org practice. Package is from an established company with 626 versions and no suspicious code changes. ai
provenance no-provenance AI (provenance): Mintlify publishes via GitHub Actions CI/CD without Sigstore attestation; consistent across all versions of this package. ai
license uncommon-license:Elastic-2.0 AI (license): Mintlify uses Elastic-2.0 across their package ecosystem; this is intentional and not a security concern. ai

Versions (showing 3 of 408)

Version Deps Published
0.0.295 2 / 15
0.0.294 2 / 15
0.0.293 2 / 15

v0.0.295

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.294

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.293

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.